[Solved] javax.net.ssl.sslhandshakeexception

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Sometime you might have received this kind of exception while running your application. The main reason behind this error is, the URL you are trying to access have no valid certificate issued from an authorized CA. In such cases you have to add those certificates to your JRE to make it a valid one. By using the following steps, you can make it working.
Steps:
  1. Download security certificate from Server
    1. Open the URL from IE
    2. You will get a certificate related warning message. Click on view certificate and then Install certificate. Ignore warning messages if gets displayed.
    3. Now go to Tools->’Internet Options’ ->Content->Certificates.
    4. Locate the installed certificate from the list of certificates.
    5. Click “export” button and save it as “DER encoded binary” in somewhere in your PC.
  2. Add certificate to JRE
    1. Open a Command Prompt.
    2. Go to “bin” directory of your JRE.
    3. Use keytool command as follows to import the certificate to JRE.
      • keytool -import -alias mycertificate -keystore ..\lib\security\cacerts -file c:\mycert.cer
      • It will ask for a password. By default the password is “changeit“.
      • Here I assume that your certificate is saved as “mycert.cer” in “c:\” directory.
Thats all. You have successfully added the SSL certificate to your JRE.
To confirm this use the following command.
keytool -list
It will display all the certificates added to the JRE cert.

14 thoughts on “[Solved] javax.net.ssl.sslhandshakeexception

  1. Hi I am getting the same error as shown below:
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
    at RestCall.getResponseFromPSH(RestCall.java:66)
    at RestCall.main(RestCall.java:25)
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    … 14 more
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
    at java.security.cert.CertPathBuilder.build(Unknown Source)

    I followed the steps. but its not working. Kindly help me to fix it

  2. please help i am also getting this error
    ——————–Configuration: ——————–
    Exception in thread “main” javax.mail.MessagingException: Could not connect to SMTP host: smtp.gmail.com, port: 465;
    nested exception is:
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1706)
    at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:525)
    at javax.mail.Service.connect(Service.java:291)
    at javax.mail.Service.connect(Service.java:172)
    at GoogleMail.Send(GoogleMail.java:93)
    at GoogleMail.Send(GoogleMail.java:35)
    at GoogleMail.main(GoogleMail.java:100)
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1540)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:203)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:197)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:994)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:142)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:532)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:470)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:837)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1049)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1076)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1060)
    at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:503)
    at com.sun.mail.util.SocketFetcher.getSocket(SocketFetcher.java:234)
    at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1672)
    … 6 more
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:302)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:205)
    at sun.security.validator.Validator.validate(Validator.java:235)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:147)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:230)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:270)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:973)
    … 16 more
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:191)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:255)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:297)
    … 22 more

    Process completed.

  3. Jyothis..
    I am having the same error and am really bugged for 3 days..!!! its really screwing me now… In my application I have imported the trusted certificate in a different keystore which i am using in my application to trust it. Googled a lot and everyone is suggesting to add the trusted CA in jdk but its not possible since my application can be migrated to a different machine according to the requirement. Can you suggest me a possible solution ? thanks in advance :)
    I am pasting you some of the error log that i am getting..

    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1902)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1338)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)

Leave a Reply

Your email address will not be published. Required fields are marked *